flattyestate.net - Warnings and errors are present in the console

[kai3341]

URL: https://flattyestate.net/xc/en/users/sign-up

Browser / Version: Firefox 113.0
Operating System: Linux
Tested Another Browser: Yes Chrome

Problem type: Something else
Description: Content Secutiry Policy: weird
Steps to Reproduce:
I see warnings about script-src section, BUT these settings I've add into style-src section

There are NO settings data:, 'unsafe-inline', https: settings at script-src, they are at style-src and connect-src

Also I see warning about setting http:. OK, it WAS an error, I fixed it and right not I can't find the text http: on the page. But after force page refresh I still see SCP warning. The most funny I see similar but not the same picture in Private Mode

But I don't see these warnings in Chromium.

Maybe I don't see something important, so it's my error. But on my experience this behavior happens when memory is not reinitialized correctly

View the screenshot

Browser Configuration

• None

From webcompat.com with ❤️

[softvision-raul-bucata]

We appreciate your report. I was able to reproduce the issue. The console shows the warnings and some additional errors.

Tested with:

Browser / Version: Firefox Release 114.0 (64-bit)/ Firefox Nightly 116.0a1 (2023-06-08) (64-bit)
Operating System: Ubuntu 22.4 LTS x64

Notes:

1. Reproducible regardless of the status of ETP.
2. Reproducible on the latest build of Firefox Nightly and Release.
3. Works as expected using Chrome (no errors/warnings shown).

Moving this to NeedsDiagnosis for further investigations.

[qa_23/2023]

[denschub]

The warnings I see are just Firefox ignoring some directives that are not yet fully supported by Firefox. @kai3341, is there anything actually broken on the site, or are you just concerned about the warnings? If you're concerned about the warnings but nothing is broken, it's relatively fair to say that you can ignore those. Firefox CSP Level 3 work is still ongoing, so this is fine.

[kai3341]

@denschub It looks nothing is broken. Root of this issue was weird behavior of CSP warnings

I saw similar behavior in different product for a years ago, and there problems were because memory wasn't clear after previous usage. So, I was afraid in current case I see the symptom of uninitialized memory usage. That's why I created this issue

And other, for your information. I see some difference between Firefox and Chromium:

1. Chromium doesn't recognize data: scheme. But both of them understand blob:
2. Chromium's SCP warnings are done much better